CVE-2020-8612

Опубликовано: 14 фев. 2020

Источник: nvd

CVSS3: 9

CVSS2: 6

EPSS Низкий

Описание

In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim's browser, aka XSS.

Ссылки

https://community.ipswitch.com/s/article/MOVEit-Transfer-Security-Vulnerabilities-Feb-2020
Patch
Vendor Advisory
https://docs.ipswitch.com/MOVEit/Transfer2019_1/ReleaseNotes/en/index.htm#49443.htm
Release Notes
Vendor Advisory
https://docs.ipswitch.com/MOVEit/Transfer2019_2/ReleaseNotes/en/index.htm#49677.htm
Release Notes
Vendor Advisory
https://status.moveitcloud.com/
Product
https://community.ipswitch.com/s/article/MOVEit-Transfer-Security-Vulnerabilities-Feb-2020
Patch
Vendor Advisory
https://docs.ipswitch.com/MOVEit/Transfer2019_1/ReleaseNotes/en/index.htm#49443.htm
Release Notes
Vendor Advisory
https://docs.ipswitch.com/MOVEit/Transfer2019_2/ReleaseNotes/en/index.htm#49677.htm
Release Notes
Vendor Advisory
https://status.moveitcloud.com/
Product

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:progess:moveit_transfer:*:*:*:*:*:*:*:*

Версия от 2019.1 (включая) до 2019.1.4 (исключая)

cpe:2.3:a:progress:moveit_transfer:*:*:*:*:*:*:*:*

Версия от 2019.2 (включая) до 2019.2.1 (исключая)

EPSS

Процентиль: 7%

0.00028

Низкий

9 Critical

CVSS3

6 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-7q5w-gw6h-9g37

github

больше 3 лет назад